Phase 4: GPG & gopass
Phase 4: GPG & gopass
Transfer GPG Key from Workstation
On workstation:
# Export secret key
gpg --export-secret-keys --armor 28A3183647525597 > /tmp/gpg-secret.asc# Copy to phone
sudo scp -P 8022 /tmp/gpg-secret.asc u0_a385@10.50.10.110:~/# Clean up workstation
rm /tmp/gpg-secret.ascImport GPG Key on Phone
gpg --import ~/gpg-secret.asc# Trust the key (interactive: trust → 5 → y → quit)
gpg --edit-key 28A3183647525597# Verify
gpg --list-secret-keys# Clean up phone
rm ~/gpg-secret.ascConfigure GPG Agent for Termux
Termux requires pinentry-tty — no GUI pinentry available.
mkdir -p ~/.gnupg
echo "pinentry-program /data/data/com.termux/files/usr/bin/pinentry-tty" > ~/.gnupg/gpg-agent.conf
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf# Restart gpg-agent
gpgconf --kill gpg-agent
gpg-agent --daemonClone gopass Store
mkdir -p ~/.local/share/gopass/stores
git clone git@github.com:EvanusModestus/gopass-v3.git ~/.local/share/gopass/stores/v3Configure gopass Mount
Use gopass mounts add — do NOT manually edit the config file.
|
gopass mounts add v3 ~/.local/share/gopass/stores/v3# Verify mount
gopass mounts# Test
gopass ls
gopass show domains/d000/identity/ssh/github| Check | Status |
|---|---|
GPG key exported from workstation |
[x] |
GPG key imported on phone |
[x] |
Key trusted (ultimate trust) |
[x] |
GPG agent configured (pinentry-tty) |
[x] |
gopass store cloned |
[x] |
gopass mount configured |
[x] |
|
[x] |